Section C Lecture 2

Digital signatures provide authentication of messages in digital form, similar to handwritten signatures for physical documents. A digital signature is calculated from the message and a private key known only to the signer. It includes encrypting a message digest, which is a hash of the message, with the private key. The signature and message are sent to the recipient, who can validate the signature by decrypting it with the public key and comparing the decrypted message digest to a newly computed hash of the received message. This ensures the message came from the claimed signer and was not altered.

Uploaded by

Anushka Nigam

DIGITAL SIGNATURES --> Digital signatures are the public-key primitives of message authentication. In the physical world, it is common to use handwritten signatures on handwritten or typed messages. They are used to bind the signatory to the message.

A digital signature is a cryptographic value that is calculated from the data and a secret key known only to the signer.

· The message digest is computed by applying a hash function to the message, and the message digest is then encrypted using the private key of the sender to form the digital signature. (digital signature = encryption(private key of sender, message digest) and message digest = message digest algorithm(message)).

· The digital signature is then transmitted with the message (message + digital signature is transmitted).

· The receiver decrypts the digital signature using the public key of the sender. (This assures authenticity, as only the sender has his private key, so only the sender can encrypt using his private key, which can thus be decrypted by the sender's public key.)

· The receiver now has the message digest.

· The receiver can compute the message digest from the message (the actual message is sent with the digital signature).

· The message digest computed by the receiver and the message digest obtained by decrypting the digital signature need to be the same to ensure integrity.

REQUIREMENTS OF DIGITAL SIGNATURES

· Message authentication − When the verifier validates the digital signature using the public key of the sender, he is assured that the signature has been created only by the sender who possesses the corresponding secret private key, and by no one else.

· Data Integrity − If an attacker has access to the data and modifies it, the digital signature verification at the receiver's end fails: the hash of the modified data and the output of the verification algorithm will not match. Hence the receiver can safely reject the message, assuming that data integrity has been breached.

· Non-repudiation − Since it is assumed that only the signer knows the signature key, only he can create a unique signature on given data. Thus the receiver can present the data and the digital signature to a third party as evidence if any dispute arises in the future. The document belongs to the sender, and the sender cannot deny it.

FINGERPRINTS IN CYBER SECURITY


Fingerprints in the digital world are similar to what human fingerprints are in the real world. Simply put,
a fingerprint is a group of information that can be used to detect software, network protocols, operating
systems or hardware devices.
What is fingerprinting in cyber security?

Fingerprinting (also known as footprinting) is the art of using that information to correlate data sets in
order to identify—with high probability—network services, operating system number and version,
software applications, databases, configurations and more.

Once the penetration tester has enough information, this fingerprinting data can be used as part of an
exploit strategy against the target.

How does OS and network fingerprinting work?

In order to detect OS, network, service and application names and numbers, attackers send custom packets to the target. These packets elicit a response from the victim that acts as its signature (not a cryptographic signature, but a characteristic response pattern). This signature is one of the keys to identifying which software, protocols and OS are running on the target device.

Once the attackers have the right information, they know your scenario, and can create a full
infrastructure map of all your services and possible network topology to fine-tune their digital assault.

Types of fingerprinting techniques

Just as there are many human fingerprinting techniques used to extract information from certain
scenarios, in the digital world there are many ways to analyze digital fingerprints from hosts.

Most digital fingerprinting techniques are based on detecting certain patterns and differences in network
packets generated by operating systems.

Fingerprint techniques often analyze different types of packets and information such as TCP Window
size, TCP Options in TCP SYN and SYN+ACK packets, ICMP requests, HTTP packets, DHCP requests,
IP TTL values as well as IP ID values, etc.

Active fingerprinting

Active fingerprinting is the most popular type of fingerprinting in use. It consists of sending packets to a
victim and waiting for the victim’s reply to analyze the results.

This is often the easiest way to detect remote OS, network and services. It’s also the most risky as it can
be easily detected by intrusion detection systems (IDS) and packet filtering firewalls.

A popular platform used to launch active fingerprint tests is Nmap. This handy tool can help you detect
specific operating systems and network service applications when you launch TCP, UDP or ICMP packets
against any given target.

By using internal scripting rules, Nmap analyzes the results from the victim replies, then prints out the
results—which are 99% of the time accurate.

Port scanning is one of the most traditional forms of fingerprinting. We’ve recognized Nmap as one of the
best port scanners around, as seen in our previous article Top 15 Nmap Commands to Scan Remote Hosts.
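
Added example, not from the article: the detection side of active fingerprinting. Because an active scan must send many probes, a simple IDS rule can flag a source whose connection attempts (SYN without ACK) reach many distinct ports on one host within a short window; the log format and the sample lines below are constructed for this example.

```python
from collections import defaultdict

# Constructed sample connection log (not from the page): "epoch src_ip dst_ip dst_port tcp_flags"
SAMPLE_LOG = """\
1000 10.0.0.5 192.168.1.10 22 S
1001 10.0.0.5 192.168.1.10 23 S
1001 10.0.0.5 192.168.1.10 80 S
1002 10.0.0.5 192.168.1.10 443 S
1002 10.0.0.5 192.168.1.10 3306 S
1003 10.0.0.5 192.168.1.10 8080 S
1003 10.0.0.5 192.168.1.10 21 S
1004 10.0.0.5 192.168.1.10 25 S
1000 10.0.0.9 192.168.1.10 443 S
1001 10.0.0.9 192.168.1.10 443 A
1050 10.0.0.9 192.168.1.10 443 S
1700 10.0.0.9 192.168.1.10 22 S
"""

def parse_line(line):
    ts, src, dst, dport, flags = line.split()
    return int(ts), src, dst, int(dport), flags

def detect_port_scans(log_text, window=60, min_ports=6):
    """Return {(src, dst): distinct_ports} for sources whose fresh connection
    attempts hit at least `min_ports` distinct ports on one host within any
    `window`-second span. Normal clients reuse a few ports; scanners do not."""
    attempts = defaultdict(list)  # (src, dst) -> [(ts, dport), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, flags = parse_line(line)
        if "S" in flags and "A" not in flags:  # SYN without ACK = new attempt
            attempts[(src, dst)].append((ts, dport))
    alerts = {}
    for pair, events in attempts.items():
        events.sort()
        for i, (t0, _) in enumerate(events):  # slide a window over each start time
            ports = {p for t, p in events[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                alerts[pair] = max(alerts.get(pair, 0), len(ports))
    return alerts
```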

Passive fingerprinting

Passive fingerprinting is an alternative approach to avoid detection while performing your reconnaissance
activities.

The main difference between active and passive fingerprinting is that passive fingerprinting does not
actively send packets to the target system. Instead, it acts as a network scanner in the form of a sniffer,
merely watching the traffic data on a network without performing network alteration.

Once the attacker has sniffed enough information, it can be analyzed to extract patterns that will be useful
for detecting operating systems and applications.

While this type of technique may bypass common network intrusion detection techniques, it’s not
guaranteed to hide your network presence while sniffing traffic.

FIREWALLS

In computing, a firewall is a network security system that monitors and controls incoming and
outgoing network traffic based on predetermined security rules.

A firewall typically establishes a barrier between a trusted internal network and untrusted external
network, such as the Internet.

A firewall is a network security device, either hardware or software-based, which monitors all incoming
and outgoing traffic and based on a defined set of security rules it accepts, rejects or drops that specific
traffic.

· Accept : allow the traffic

· Reject : block the traffic but reply with an “unreachable error”

· Drop : block the traffic with no reply

A firewall establishes a barrier between secured internal networks and outside untrusted network, such as
the Internet.

Firewalls are often categorized as either network firewalls or host-based firewalls. Network firewalls
filter traffic between two or more networks and run on network hardware. Host-based firewalls run on
host computers and control network traffic in and out of those machines.

History and Need for Firewall

Before firewalls, network security was performed by Access Control Lists (ACLs) residing on routers. ACLs are rules that determine whether network access should be granted or denied to specific IP addresses.

But ACLs cannot determine the nature of the packets they are blocking. Also, ACLs alone do not have the capacity to keep threats out of the network. Hence, the firewall was introduced.

TYPES / GENERATIONS OF FIREWALLS

PACKET FILTERING FIREWALLS


A packet filtering firewall is used to control network access by monitoring outgoing and incoming packets and allowing them to pass or stopping them based on source and destination IP address, protocol and ports. It analyses traffic at the transport protocol layer (but mainly uses the first 3 layers).

· Checks data packets on the basis of source and destination IP addresses.

· Also checks source and destination ports.

Packet filtering firewalls treat each packet in isolation. They have no ability to tell whether a packet is part of an existing stream of traffic; they can only allow or deny packets based on the individual packet's headers. A packet filtering firewall maintains a filtering table which decides whether a packet will be forwarded or discarded. From the given filtering table, packets are filtered according to the following rules:

RULES TO FOLLOW FOR THE EXAMPLE FILTERING TABLE (shown in the lecture's picture)

Incoming packets from network 192.168.21.0 are blocked.

Incoming packets destined for internal TELNET server (port 23) are blocked.

Incoming packets destined for host 192.168.21.3 are blocked.

All well-known services to the network 192.168.21.0 are allowed.
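
The four rules above evaluated as a first-match filtering table, as an added Python example that is not the lecture's own code. The "blocked" rules are modelled as DROP except the TELNET rule, which is assumed to REJECT so the reply carries the unreachable error described earlier; the default policy for packets no rule mentions is assumed to be DROP, and each packet is judged on its own headers, with no notion of an existing connection.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def rule(action, src="0.0.0.0/0", dst="0.0.0.0/0", dport=None):
    """dport: None = any port, int = exact port, (lo, hi) = inclusive range."""
    return {"action": action, "src": ipaddress.ip_network(src),
            "dst": ipaddress.ip_network(dst), "dport": dport}

# The four rules of the lecture's filtering table, in order; first match wins.
FILTER_TABLE = [
    rule("DROP",   src="192.168.21.0/24"),                  # 1. incoming from that network blocked
    rule("REJECT", dport=23),                                # 2. TELNET blocked (assumed: unreachable reply)
    rule("DROP",   dst="192.168.21.3/32"),                   # 3. packets for that host blocked
    rule("ACCEPT", dst="192.168.21.0/24", dport=(0, 1023)),  # 4. well-known services allowed
]

def port_matches(spec, dport):
    if spec is None:
        return True
    if isinstance(spec, tuple):
        return spec[0] <= dport <= spec[1]
    return spec == dport

def filter_packet(pkt, table=FILTER_TABLE, default="DROP"):
    """Stateless filter: the first rule whose src, dst and port all match decides."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for r in table:
        if src in r["src"] and dst in r["dst"] and port_matches(r["dport"], pkt.dport):
            return r["action"]
    return default  # assumed default policy for anything the table does not mention
```

Note that rule 3 must come before rule 4, otherwise port 80 traffic to 192.168.21.3 would be accepted; rule order is part of the policy.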


Stateful Inspection Firewall : Stateful firewalls (performing Stateful Packet Inspection) are able to determine the connection state of a packet, unlike packet filtering firewalls, which makes them more effective. They keep track of the state of network connections travelling across them, such as TCP streams. So the filtering decisions are based not only on the defined rules but also on the packet's history in the state table.
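
State tracking as described above, as an added Python example (not from the notes): a stateful firewall that records TCP connections opened from an assumed internal network 10.0.0.0/24 and admits inbound packets only when they belong to an entry in its state table. A stateless filter judging each packet in isolation would instead need a permanent hole such as "allow everything from source port 443".

```python
import ipaddress

class StatefulFirewall:
    """Tracks TCP streams started from the internal network; inbound packets
    are accepted only if the state table already knows the connection."""

    def __init__(self, internal_net="10.0.0.0/24"):  # internal range is an assumption
        self.internal = ipaddress.ip_network(internal_net)
        self.table = {}  # (inside_ip, inside_port, outside_ip, outside_port) -> state

    def _key(self, src, sport, dst, dport):
        # Normalise so both directions of one stream share a single table entry
        if ipaddress.ip_address(src) in self.internal:
            return (src, sport, dst, dport), "out"
        return (dst, dport, src, sport), "in"

    def handle(self, src, sport, dst, dport, flags):
        key, direction = self._key(src, sport, dst, dport)
        state = self.table.get(key)
        if "R" in flags or "F" in flags:          # teardown: close the entry
            if state is None:
                return "DROP"
            del self.table[key]
            return "ACCEPT"
        if direction == "out":
            if state is None:
                if flags != "S":                  # only a SYN may open a new entry
                    return "DROP"
                self.table[key] = "SYN_SENT"
            return "ACCEPT"
        if state is None:                         # unsolicited inbound, e.g. external SYN
            return "DROP"
        if state == "SYN_SENT":
            if flags != "SA":                     # only the handshake reply is expected now
                return "DROP"
            self.table[key] = "ESTABLISHED"
        return "ACCEPT"
```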
Application Layer Firewall : An application layer firewall can inspect and filter packets at any OSI layer, up to the application layer. It has the ability to block specific content and to recognize when certain applications and protocols (like HTTP, FTP) are being misused.

In other words, application layer firewalls are hosts that run proxy servers. A proxy firewall prevents a direct connection between the two sides of the firewall: each packet has to pass through the proxy. It can allow or block the traffic based on predefined rules.

· It also checks the data along with the header.

· It works through proxy servers.

· More secure.

· Processing overhead.

LINKS for firewalls

https://www.geeksforgeeks.org/introduction-of-firewall-in-computer-network/

https://www.youtube.com/watch?v=KZc1KaE1OKU
